Encrypting Phone Storage and Transmission? (2011 Version) 198
An anonymous reader writes "Soon I'll be moving to one of the hot, culturally restrictive countries which has recently been in the news ... and which monitors and filters web traffic. ISPs and cellular providers are both owned by the government. Needless to say, I'm concerned about privacy and am even posting to my fellow Slashdotters as an anonymous coward. Which smart phones are the best for a) encrypted storage, and b) encrypted transmission? I'm not worried about encrypting SMSs or traditional voice traffic, but I would like all IP traffic as secure as possible. Setting up a server in my less restrictive home country is an option. What storage encryption and transmission encryption would you recommend for that situation? I'm willing to buy yet another device, if necessary. (No, I won't get a SatPhone.) I currently have a Nokia N900 running Maemo5 and another device running Symbian S60v3. I was hoping to have a secure OS like BackTrack running on the N900, but it looks like the software was never totally ported for the device."
Traditional VPN? (Score:5, Informative)
Why not a traditional VPN with an Android or iOS device? Symbian should also be able to support VPN connections as well.
Re:Traditional VPN? (Score:4, Informative)
That's my thought too. There are lots of reasonably priced VPN services out there, or you could run your own. But for ~$10 a month or less, why bother? I've used the $6 "Premium" service from hideipvpn.com & it was fine, I'm sure that there are others that are just as good though.
Re: (Score:2)
CQ? CQ? (Score:2)
While I think the parent is being funny, Ham Radio would be something that couldn't be stopped as long as you have little power.
Re:Traditional VPN? (Score:4, Insightful)
That's just asking for trouble....unless you happen to be someone that wears some form of the various headgear/hats the peoples over there seem to all sport.
Why any sane person from the free part of the world would go over there....especially NOW...is beyond me.
I mean, hell...I'd do just about anything for a dollar..but I'd not risk my life (and head) by going over there for any amount of money.
Re:Traditional VPN? (Score:4, Informative)
I think the best advice would be...to stay as far the fuck away from any middle eastern country to begin with!!
There is a western, christian country, that is in the news at all times, known for seizing laptops at borders and keeping your data.
In fact, when I travel there, I don't carry my laptop or any personal/work data with me, that's how worried I am.
Why any sane person from the free part of the world would go over there....especially NOW...is beyond me.
There is no free part of the world. There are only shades of grey. There are places where you are safer and worse places, but enemies of freedom exist and act everywhere.
Add to that the fact that your definition of freedom probably doesn't match what some other people believe, and the whole "free world" concept becomes a dumb idea.
I mean, hell...I'd do just about anything for a dollar..but I'd not risk my life (and head) by going over there for any amount of money.
And you probably make enough. The world is full of people who risk their lives to make a dime. Otherwise, there would be no cops, no antenna installers, no tall buildings. That is because they can make a better living that way than staying safe.
Re: (Score:2)
Re: (Score:3)
I have OpenVPN running nicely on my Android 2.1 phone. Had to root it, tho.
And since you are rooting it, you shoud be able to partiton you sdcard and setup some kind of encrypted filesystem. I havent tried it yet, but might just to see if is possible.
Also, in a country like that, you might try getting a phone without a camera... just in case.
Re: (Score:2)
OpenVPN runs fine on the N900 too (I use it a lot), and as the author has the N900 already he should be all set up.
Re: (Score:2)
Yep and it's possible to encrypt most of the storage on the N900 as well, although it's a gigantic PITA. I'd set aside a good bit of time just for getting that working. The downsides: Increased CPU usage (just overclock to compensate), the root partition can't be encrypted (not a huge problem, just don't store anything sensitive on it), and once you encrypt your 32GB internal storage and MicroSD, you can't access them via USB mass storage mode. You can still use anything else though - you can use SCP or Sam
Re: (Score:2)
I wonder if we can get FUSE working on Android. That would open a lot of possibilities...
Comment removed (Score:5, Insightful)
Re: (Score:2)
Using a VPN doesn't automatically finger you. Keyword filters-- the spoken kind of keywords-- do. If you do data, reboot frequently to change your IP address. Or, if you think about it, change your MAC and IP address by incrementing by 1 or 2 (etc) your address; you're unlikely to bump into a collision. Smart guys figure out address domains.
Otherwise, figure you're being listened to all the time. GSM is as easy to crack as an egg these days. Data ought to be encrypted as mentioned above. Don't save files wi
Re: (Score:3)
All good points. To add a concern: I don't know the laws in these countries, but perhaps even possessing crypto tools is illegal? I'd check into that before using this stuff in country.
Re: (Score:2)
Email is probably going to be an ssl connection to an exchange server back home, so even if you do nothing, they can't read your emails. A lot of people are going to use VPN to access their workplace network back home simply because it is the only way to get in, so I don't think VPN traffic will be that unusual.
Re: (Score:2)
Not just encryption measures. I was travelling to a not-very-hot, not-particularly-repressive country to work one time and I was planning to take my hand-held GPS, just for shits'n'giggles. But I had the burglars come round and take it instead, so I didn't. When I was there, I discovered that a nearby town had recently completed the conviction
Re: (Score:2)
Which "not-particularly-repressive country" convicts any Western citizen to 5 years of forced labor camps for possession of a GPS device? And how's that "not particularly repressive"?
Please tell me so I can avoid that hellhole. All phones now have GPS embedded which I can't possibly turn off when crossing the border. And I won't buy a second phone just for a 10 days vacation. I will gladly rewards laws like that by saving them from having to take my dirty Western tourist money.
Re: (Score:2)
By consistently streaming encrypted information out of the country, will you just make yourself a target for more invasive surveillance measures (and perhaps some rubber hose cryptanalysis)?
Obligatory xkcd [xkcd.com].
Re:Traditional VPN? (Score:4, Insightful)
Could a constant stream of encrypted data going thru his carrier and ISP bring government attention to him or her?
Will this hot, culturally restrictive government just throw their hands up and say, "well... he's got a VPN... not much we can do"?
Re:Traditional VPN? (Score:4, Insightful)
Re: (Score:2)
Right, most phones can be set to send all IP traffic over the VPN. That'll mean someone has to break your VPN to get at the traffic which is hard enough you may as well consider it impossible. Also, it has the advantage of being very easy to set up.
Encrypted storage on Android? (Score:2)
And what would one use for the first of the two requirements, encrypted storage, on an Android platform? I'd love to hear of a solution.
Re: (Score:2)
Truecrypt seems like it would fit the bill. Just need to build the kernel modules.
Re: (Score:2)
...but then, I imagine the Google apps (and quite a few others, no doubt) leak clear text data by the bucket load. Even if you do encrypt your local storage, and use a VPN, I don't think that Google Mail and Maps and MyFace and BootPrints and ... will make use of it. Not to mention all the ad-enabled and profiled free apps, which are sending (anonymised, but still) usage data who-knows-where.
If you want to be paranoid about your smart phone, be smart and use a dumb phone, and a proper PDA on the side.
Re: (Score:2)
TOR is also available for Android. Unfortunately full encryption of the phone's flash storage won't be available until Gingerbread 3.0 though.
Re: (Score:2)
it depends a bit on which symbian s60 3rd ed phone he has, not all of them shipped with the vpn bits(3rd party software though could help with that, though I don't know if any of the solutions that work are sold for consumers).
anyways, go with a shabby symbian that you can get the needed sw for, that way you're off the radar at checkpoints. if you bring satphones or stuff that looks like it, you'll get flagged. that's how it works if they've been following the news too.
oh and a FAKE encrypted drive there ne
Watch out (Score:3, Interesting)
If you are going to Saudi...co-workers couldn't wait to get the hell out of there. VERY SCARY PLACE. Public beheadings on Fridays.
Re: (Score:2, Funny)
But the Saudi's are an American ally? How could they be a brutal, repressive dictatorship that exports terror to the world if they're an American ally?
I heard from Glenn Beck that Kenyan Muslim Communists like Obama want to overthrow our allies in the middle east to spread the Muslim Caliphate across the world. Are you a Kenyan Muslim Communist?
Buy the phone in that country (Score:4, Interesting)
A little different (Score:2)
This isn't the exact solution, but you sould be able to tunnel a skype connection over the Tor network, for a short period of time.
Depends on the length of communication, which isn't stating in the question.
Re: (Score:2)
boncee (Score:4, Interesting)
Bouncee [bouncee.net] is a VPN service designed to protect the privacy of international travelers. It encrypts all your network traffic and routes it through a server in the United States.
It's also really, really cheap. This sounds like what he's looking for.
Re: (Score:2)
Bouncee [bouncee.net] is a VPN service designed to protect the privacy of international travelers. It encrypts all your network traffic and routes it through a server in the United States.
It's also really, really cheap. This sounds like what he's looking for.
Do they have a mobile version?
Re: (Score:2)
Right now PC is supported, but mobile support is planned.
Re: (Score:3)
Re: (Score:3)
If you wanted credentials you would host a free service. A commercial service would have far fewer users and a money trail to the person who runs it.
Solution. (Score:5, Interesting)
I have the same problem. I am not in a restrictive country, however my phone lines are tapped on a regular basis since i deal with defendants. its not paranoia -- they really do tap phones of attorneys to get around atty/client and ive seen the records more than once. I use an SSH connection to a tomatousb router (ASUS RT-N16) and forward ports to my N810. you can do the same with your N900. this allows me to do VOIP directly and also share the same connection locally by letting my N810 serve as a local hotspot. All traffic is encrypted with SSH until it reaches my home which is on a dynamic ip anyway. This has worked against local and fed agencies but may not work against NSA/big brother type agencies or against foreign government state departments. You need a fast upload connection (my 25/2 Mbps cable connection works fine). For anything more than the usual calls i meet people in person at the office. meeting in person is covered by priv and works well.
Re: (Score:2)
they really do tap phones of attorneys to get around atty/client and ive seen the records more than once.
I don't think I understand the situation here. Who are "they"? Are you the attorney? Does "atty/client" refer to some set of laws that restrict whom "they" may bug and not?
Re:Solution. (Score:5, Informative)
Welcome to the US. If you're speaking on a phone, you're not talking in private, if you're talking in a room where other people are or have been, you're not talking in private. Better-paid attorneys will actually sweep the rooms regularly for bugs and have external audits performed.
Why you ask? The duty to keep the attorney/client privilege is not on the state but on the attorney so the state could get a warrant (or not if you're DHS/FBI, the Patriot Act cares for it) for the wiretapping of an attorneys office if they could demonstrate (or not) that it could further their case. If a cop 'accidentally' overhears a conversation between an attorney and his client, it can be used or even if it can't be used in court it could be used in questioning and pressuring. The only exception to that is at a prison or a state office where the attorney or client can request a private area to conduct their conversation (again, duty is on the attorney or his client to request such privacy) but most likely they won't carry on a conversation in those settings - the focus would be to get them out of there first without saying too much if possible.
Re:Solution. (Score:5, Insightful)
I am not in a restrictive country, however my phone lines are tapped on a regular basis since i deal with defendants.
Y'know, if the second part of that statement really is true, you might just want to re-think the first.
Re: (Score:2)
sorry, accidental negative moderation. undoing. fuck this trackpad. mod this message down.
Re: (Score:2)
I don't follow; it's legal for them to tap your phone but not put a bug on your person/office and record face-to-face conversations?
Moxie Marlinspike and Whisper Systems (Score:2)
consider steganography over cryptology (Score:5, Insightful)
Re:consider steganography over cryptology (Score:4, Interesting)
IMHO, the way to go would be an android phone with an extra
Re: (Score:3, Interesting)
Re: (Score:2)
What's missing on the N900? (Score:3)
It has support for OpenVPN, SSH and tor out of the box. There was one guy in #maemo I think that said he succeeded at implementing full disk encryption, you might want to come there and ask. And if you install kernel-power you'll be able to be use iptables, which should help with making sure only what you want gets in and out.
Now, will encryption help you? What is going to happen to you if you're arrested and suspected of accessing something you shouldn't? I'm thinking that in such a place, if they find you have a heavily encrypted phone they're just not going to let you go if they can't get data off the device, and refusing to tell the password might not be a great idea.
Perhaps you should look more at plausible deniability. Try to set up the phone in a manner that is as un-suspicious as possible, make sure nothing incriminating gets logged on the device, and do all your suspicious activities on some remote server, with some panic system that can remove anything suspicious like tor or ssh without leaving a trace if you get in trouble.
For testing what gets stored, you could try using rsync. Sync the entire phone, do something like loading a website, sync again and see what changed.
Re: (Score:2)
Perhaps you should look more at plausible deniability
"Plausible" is in the eyes of the man holding the cattle prod.
Re: (Score:2)
Yes, exactly.
The cattle prod man is certainly not going to be happy if he finds encryption, proxies and so on. So the goal would be to make it look like a normal phone with nothing unusual or interesting on it.
Re: (Score:2)
So the goal would be to make it look like a normal phone with nothing unusual or interesting on it.
He's fucked. The N900 is not 'a normal phone' and it only has interesting and unusual stuff.
Re: (Score:2)
Unfortunately the N900 only supports ~59GB of furry pictures (27GB available on the device + 16GB on SD card)
Secure Imap/Smtp + SSL in browsers (Score:2)
About the best you can do with off the shelf phones is to use an email client that supports secure communications, and visit
web sites using ssl only. (not Slashdot).
You could try some of the secured proxy browsers such as https://www.the-cloak.com/ [the-cloak.com] (self issued certificate - so due diligence required)
as a way to browse sites like Slashdot that don't offer secure connections.
Re: (Score:2)
> How hard would it be for a foreign hacker to hack some email provider's web servers and grab the private SSL cert?
> Is that completely impossible in today's IT environment? Then, back in their home country, do a "man in the middle"
> and intercept the SSL traffic destined for the email provider, etc. etc.?
They don't even have have to in most (governments) cases. All they need is their local friendly and trusted CA to sign a few MITM certs for them....
Blackberry + BES Express (Score:5, Informative)
Set up a BES Express server, and get a BlackBerry. I'm not sure you can find equivalent security on any other platform. The BES Express server (free) offers transparent VPN. The devices themselves are unmatched, security-wise (though you'd be stepping back like 5 years in features). Email might be a problem if you don't want to also run exchange or lotus domino, but you could easily set up an IMAPS server and use that.
Re: (Score:2)
Re: (Score:2)
Ack, I didn't realize how crazy the system requirements were for a BES. Perhaps not the best solution. Though if you set up your own VPN and IMAPS server the devices will still be the most secure available (keys never leave the device).
Re: (Score:2)
Re: (Score:2)
and.... you'll need a SQL server too - all that BES environment is Microsoft server based. Not sure how much that is. Once you have the server, you'll need access to mobile network for your device(s) from BES - assume that's not free either.
Good luck!
It includes an MSSQL Express Instance. Which is free.
So, okay, let's be real. If you're one random paranoid guy looking to encrypt his phone transmission this platform isn't for you. On the other hand if you're like a huge portion of the business world and already have some Windows infrastructure, this is a really, really good solution.
BES Express is free and estimated scalable to 3,000 users on one box assuming a hefty box. One of the things I like about BES the most as an IT guy is the easy of individ
Re: (Score:2)
Re: (Score:2)
BES should be in the US, the data will flow through the foreign carrier but it will be encrypted. So unless you are a high value target, I don't think they'll spend the resources to decrypt that data. It would take a little while.
The correct answer is that the BES should be wherever it isn't like to be be seized. I'm not entirely sure given some of the entertaining news in the last year or so that the US qualifies. Still, ultimately the model is that BES is one end of a secure transmission system. If a government seizes that server, they've already got access to your datacenter and can just hit the mail server itself.
Having BES exist in a foreign country isn't any less secure.
Re: (Score:3)
Unlike many of the custom Android solutions being suggested on here, this requires an unmodified BlackBerry in a setup that is standard for pretty much any company. Having a setup which is highly customized for evading surveillance might work well, but if you're caught with it the consequences could be severe. Having something which is standard fare among business travellers
Re: (Score:3)
If you use your own BEServer, it encrypts traffic between the phone and the server using keys known only to it and the phone (I think during pairing the server tells the phone its public key, the phone generates a key-pair, encrypts its public key using the server's public key, and transmit it to the server -- this is probably a wrong explanation, since the public key is supposed to be public, why should it be encrypted before transportation), so not even RIM can see what the data payload is, if you trust t
Re: (Score:2)
That's for BIS, which is basically where you use your Blackberry without having your own server infrastructure.
Your best bet ... (Score:5, Insightful)
Is not to use those services. Generally speaking, if the country is that restrictive, they probably will not take kindly to a foreigner trying to bypass the restrictions.
A good rule of thumb to travel: obey local laws. If you don't like them, don't go there. As a foreigner, you are in a pretty risky spot to try to take matters into your own hand.
Re: (Score:2, Insightful)
Is there a local law against encryption?
The problem isn't the laws, it's the lack of "the rule of law".
Re: (Score:2)
I don't think that it's well defined whats Legal and for who in the country he is going to, same drill as with ussr - the only way to move through there doing business was to wing it, as nothing was defined - everything was always up to the local police(mp or not) and whoever happened to wield power for whatever reason in whatever area(doing business in russia is still hard for the same reasons, ikea lost a billion - this is also why it's a necessity to be able to withstand HEAVY drinking, to get to know th
You're deluding yourself. (Score:3)
You're going to a restrictive country with little human rights, and you think that encryption will keep you safe?
I think that XKCD put it best... http://xkcd.com/538/ [xkcd.com] I'm surprised nobody's posted this yet.
BackTrack != Secure (Score:3, Informative)
Be realistic here (Score:2)
I'm all for security, but a lot of Slashdotters really need a sense of perspective.
Most current gen phones will do tunnels... (Score:2)
the iPhone can do PPtP tunnels.. I haven't played on my Nokia N800, but I'm positive it can do it as well.. and I can't see any reason why you couldn't do it on an Android. I believe the Crackberry has such a large business-centric user-base, I'd be very sup
Setting up and using an encrypted tunnel is pretty basic and most recent generation phones you'd even want to bother 'surfing' on should be able to do this. So if you're shopping for a new device, I'd just add this to a check-box list of features you wan
ssh (Score:2)
It sounds you are using your phone to provide IP to other devices. You can just use ssh on those "other devices" to port forward anything you like. There is no need for any special phone nor software running on the phone when the IP traffic itself is already encrypted.
Bad Idea (Score:2)
The fact of the matter is that if the country is actually using sophisticated techniques to look for spies, they will be actively looking for data traveling in an encrypted form to the united states.
It would be a shame to be captured and interrogated because the tyrants didn't know that "secret message" was about how much you hate your boss.
BackTrace Secure? (Score:2)
I'm pretty sure the poster doesn't actually know what they need, want or are asking for, but best wishes.
n900 is probably the most flexible (Score:5, Informative)
Some resources for the n900:
----- file system encryption-- ...and then mount the phone's encrypted volume from the card, thru 1 usb connection
Truecrypt for true cross-platform encryption on the phone's non-boot volume
(available by default in the N900's Extras-Testing repository)
A nice script to simplify use of TrueCrypt (no screen icon = non-obvious = good)
http://forums.internettablettalk.com/showthread.php?p=597269
Also note that for your pc, you can put the x86 tc.exe on the phone's unencrypted boot volume,
----- IP encryption
Tor is available as a package and works well, tho with caveats
http://www.torproject.org/docs/N900.html.en
SSH is also available
----- semi-secure voip
Skype support is inbuilt (tho sometimes suspect w/proprietary encryption & whatnot)
configure thru Settings>Connectivity>VoIP and IM.
Run your own Asterisk PBX on the n900 with an encrypted config/tunneled
available in the Extras repository
----- alt boot options
option to boot alt OS hidden on card
http://wiki.meego.com/ARM/N900/Install/Dual_Boot
http://neopwn.com/ (sometime soon, one hopes)
option to carry a hidden/alt bootable PC OS in your phone
http://zitstif.no-ip.org/?p=451
Android, Symbian, and Maemo (Score:2)
I'd believe that only Maemo offers moderately convenient gpg encrypted mobile email, not via the default email client sadly, although maybe you could hack that. Afaik, Maemo boasts the only mobile OTR messaging solution too. Android and Symbian beat out Maemo when your talking encrypted voice calls however since only they boast Zfone implementations. If the country is evil enough though, they might not even have access to skype conversations, not sure how skype handles baddies.
Afaik, all modern mobile pl
Android works pretty well (Score:2)
It supports both regular VPN and tunnelling with ssh (or any other command line program). The browser can be configured to go through a proxy if you like. If you want a mainstream phone, that's probably the best way to go. There are also lots of encryption solutions.
iPhone is nearly useless from a security point of view: when the VPN connection shuts down (as it does from time to time), it starts transmitting your data unencrypted; totally unacceptable!
If you want any more control, you probably need to g
Plausible deniability? (Score:3)
I'm not worried about encrypting SMSs or traditional voice traffic, but I would like all IP traffic as secure as possible.
If your traffic doesn't require real-time reporting of events (i.e. a delay of 2-3 hours between the event and the report is OK) and doesn't require large amount of data (i.e. text reports rather than video).
1. As you control both ends of the communication, consider a prearranged set of one-time pads
2. Plausible deniability [wikipedia.org] - including steganography and Rubberhose filesystem [wikipedia.org]
3. Netbook instead of a smart-phone? (easier to arrange, no need to hack the phone)
Good luck.
Re: (Score:2)
3. Netbook instead of a smart-phone? (easier to arrange, no need to hack the phone)
Exactly, why trust any phone hardware? Too much unknown in the drivers/custom firmware and serials linking coms to your device and location within 1km.
99.9% of phones wont have non standard security features setup, any which do are just asking to be confiscated for further investigation, which is inconvenient if nothing else.
Encryption of stored data is useless, your options are to supply the key, or to be charged with some other falsified charge such as drug possession which you will have no defence agains
Re: (Score:2)
He's got a N900. Do you think 'they' have hidden something in the OpenGL drivers? Or the battery driver? Most of the rest of it is open source.
Re: (Score:2)
For #2 make sure you're worth enough alive so when they discover your "clever" scheme the response isn't "How cute. He's a spy. Execute him. Then perhaps we'll bother to try decrypting his device."
Re: (Score:2)
"Soon I'll be moving to one of the hot, culturally restrictive countries which has recently been in the news ...Which smart phones are the best for a) encrypted storage, and b) encrypted transmission?
As the person is already committed to do it, can you recommend better schemes? If so, I'm sure the person asking will be grateful.
Re: (Score:2)
Yes. If you don't *NEED* (not just want) encryption don't use it and don't do things you'd like to do but don't *NEED* to do that would require encryption. Just having the tools, or the appearance of having the tools, may be enough to get someone interested in what you're up to.
Some governments don't care about "clever" little tricks of legality and will just throw the book at you.
Re: (Score:2)
Re: (Score:2)
> you can probably generate several gigabytes of one-time pads
Now all we need is a mail client, that can actually use that generated random data for OTP encryption...
Could be dangerous ... (Score:5, Insightful)
Before you start trying to figure out how to circumvent being spied upon by the host government, maybe you should look into the possible consequences of this. It may well be that if they find out that you're doing this, things could really turn out bad for you.
It's generally a good idea to try to actually obey the laws of the country you're going to, especially if it's as volatile as you say it is. If you're a foreign national and don't have any sort of diplomatic protections, you could be playing a risky game.
Re: (Score:3, Informative)
I currently live in and have been working in one of those 'hot' countries for several years. First, your concerns about privacy seem misplaced to people who live around here. Tracking is for the general plebes who live there and have nowhere else to go. As a foreigner, your behaviors doesn't matter as much so long as you are not part of the problem. If you are a problem, forget about your supposed rights and privacy that you believe that you are entitled to.
First, the government/state/security/police can ju
Re: (Score:2)
Before you start trying to figure out how to circumvent being spied upon by the host government, maybe you should look into the possible consequences of this. It may well be that if they find out that you're doing this, things could really turn out bad for you.
It's generally a good idea to try to actually obey the laws of the country you're going to, especially if it's as volatile as you say it is. If you're a foreign national and don't have any sort of diplomatic protections, you could be playing a risky game.
I don't think he is planning on organizing a coup or bombing a mosque. From how i read TFS it seems to be just a regular guy who wants to continue to do his email, post to slashdot, facebook, browse the web, without being restricted by a firewall or having his passwords sniffed or his privacy compromised. Setting up a VPN and doing all traffic through it seems to be a pretty reasonable approach. I'm pretty sure businessmen VPN into their company network from this kind of country all the time, so I doubt it
Re: (Score:2)
Then, I fear, you grossly underestimate what doing encrypted traffic in a 'repressive regime' might cause for personal ramifications.
There isn't a lot of room to quietly do things The Government of such a country might not want you to do.
What you may think is perfectly reasonable might, in your comfortable Western existence, not get you very far in a practical situation in such a country. Any government which might be willing to use force against it's own citizens might not actually give a fsck about you .
Just use https (Score:2)
From what I know, an encrypted data connection is of limited value.
1) If you are using HTTP, the ISP can listen-in on you even if the communication to the tower is encrypted.
2) If you are using HTTPS, and the certificates are properly validated, then the communication is encrypted from the phone to the tower past the ISP and all the way to the web site. They can't listen in on you at any level. The only potential gain I see see to encrypting the data communication as well is that someone can't tell what s
Pwnie Express (Score:2)
Pwnie Express sells a N900 with Backtrack installed, dunno how well the phone functions though
I'm using OpenVPN for N900. (Score:2)
Setup a OpenVPN box somewhere free (VPS Hosting) and install the OpenVPN application for the N900 - Works great for me !
Don't solve the wrong problems (Score:2)
To start off, here's the obligatory xkcd cartoon to go with the question: http://xkcd.com/538/
Having spent some time in those countries, you should be careful to also consider the social aspect of what you want to do. Encrypting data is all fine and dandy, but that will only help against snooping and in case you lose your phone. At a checkpoint full of burly men asking you to show them what's in the file myporn.secret or SoundOfMusic.avi, encryption wont help. You will hand over either your 25 character top
Re: (Score:2)
Or alternatively if the oppressive country is the US, just start it with "God bless America!"
Re: (Score:2)
No, but there are those pesky illegal wiretaps.
Re: (Score:2)
Re: (Score:2)
Re: (Score:3)
After coming back on in an hour, and attempting to establish the tunnel again, we discovered, that traffic had slowed by 70% over the tunnel, and that two routers in the hops right before the gateway link out of China were dropping packets, but only the tunneled traffic. It looked to us that we had triggered some type of attempt to monitor our traffic, we stopped tunneling. In the coming months we found a bug in our board room, there were several attempts to hack into our office netwokr, two that we knew were successful. Coincidence?
No. Your network administration people suck incredible amount of ass, so they can't configure routers in a non-SSL-breaking way, and allow your network to be "hacked" by random skr1pt kiddies.
Re: (Score:2)
If you are an American and are going to participate in political demonstration in a foreign country, you deserve anything and everything that will be done to you.
Re: (Score:2)
> (1) As far as encrypting the data on the phone itself, I'd recommend Blackberry if you can swing it. It's the only phone I know of
> that has the capability of actually encrypting the filesystem, though maybe that's changed.
Since you have full access to the OS, can you do a full LUKS, perhaps even on LVM, setup on the N900? Anyone know?